Changelog for 2005

0.5.70 alpha 3 (2005-12-27)

  • Many fixes for UTF-8 support in vuurmuur_conf.
  • Improved connection viewer, which supports showing accounting data per connection.
  • Vuurmuur, vuurmuur_log and vuurmuur_conf now also have long options thanx to Stefan Ubbink!
  • Added manual pages for vuurmuur, vuurmuur_log, vuurmuur_script and vuurmuur_conf.
  • Many fixes for manipulating an empty ruleset.

0.5.70 alpha 2 (2005-12-18)

  • UTF-8 support for translations in vuurmuur_conf

0.5.70 alpha 1 (2005-12-07)

  • Made the logging of INVALID packets, SCAN probes, new TCP no SYN and fragments optional.
  • Synlimits and udplimits are now enforced against accepted and queue'd connections, not against all packets.
  • Added a -k (keep) option to the 'vuurmuur'-command, that does not remove the input file for iptables-restore. Useful for debugging.
  • If you change the devicename, the interface will automaticly be set 'virtual' if the devicename contains a ":"-character.
  • Added a fix for vuurmuur_conf not being able to use any other path for its config than /etc/vuurmuur/vuurmuur_conf.conf
  • The rpm specs now also support Fedora Core, Mandriva and Redwall. Thanx Alex!
  • Added Norwegian translation. Thanx Per Olav Siggerud!
  • Fixed a crash in saving the vuurmuur_conf settings if the configfile could not be found.

0.5.69 (2005-11-21)

  • No changes since alpha 6.

0.5.69 alpha 6 (2005-11-15)

  • Fix a bug with saving rule comments. Thanx for reporting TigerP@irc!
  • Fix building of debian packages.

0.5.69 alpha 5 (2005-11-10)

  • Added a fix for systems without nat not working.
  • Fixed a bug where long chain names could cause a segmentation fault.
  • Added rc.vuurmuur and README.SLACKWARE files written for Slackware by Nicolas Dejardin.
  • Updated Brazilian Portuguese translation.

0.5.69 alpha 4 (2005-11-06)

  • Updated russian translation.
  • Added a french translation.
  • Fix interfaces network_refcnt not being updated on network removal. If you removed a network with interfaces attached to it, you could no longer remove the interfaces.

0.5.69 alpha 3 (2005-11-01)

  • Large translation update to reduce the number of translatable strings.

0.5.69 alpha 2 (2005-10-20)

  • Hugo updated the Brazilian Portuguese translation.
  • Alex wrote spec files for rpm support.
  • Some changes to the build process to support the rpm-building.

0.5.69 alpha 1 (2005-10-11)

  • Fixed a bug with renaming a network. It could cause an error when updating the rules with the new name. Thanx Hugo for the report.
  • Fixed another case where a portfw connection looked like an incoming connection.
  • Really fixed the "Broken Pipe" messages this time: let me know if the fix has negative side-effects.
  • Virtual interfaces are no longer shown in the status screen.
  • Fixed a bug with sometimes loglines beeing followed by an extra newline in the logviewer.
  • Real userid is now detemined on startup (the user before su/sudo).
  • Added a separate audit.log, in which all configuration changes are logged, including the username.


  • No changes since alpha 10.

0.5.68 alpha 10

  • Hugo updated the Brazilian Portuguese translation.
  • Very minor update to the Dutch translation.
  • Fixed the status about the system not beeing properly updated.
  • Fixed debs not installing services properly.
  • Fixed a crash that would occur when switching on the 'draw status in main menu option'.
  • Alex updated the Russian translation.

0.5.68 alpha 9

  • Fixed apply in vuurmuur_script hanging when vuurmuur and vuurmuur_log are not running.
  • Added the --list-blocked option to vuurmuur_script. Written by Adi Kriegisch.
  • Fixed the logging missing newline and thus making a mess of the logfiles.

0.5.68 alpha 8

  • Added a --block and --unblock options to vuurmuur_script. Written by Adi Kriegisch.
  • Added a fix for vuurmuur_conf to compile on Fedora Core 4 (gcc4).
  • Fixed the autopackage installing the services in a wrong path.
  • Non-existing hosts/groups that are in the blocklist are now loaded into Vuurmuur_conf, so they can be removed there.
  • The traffic volume section now hides virtual interfaces to safe space for people with lots of them. No data was displayed for them anyway.
  • Added --apply option to vuurmuur_script, that tries to apply the changes immediately.

0.5.68 alpha 7

  • Fixed a buggy indicator introduced in alpha 6.
  • Added logfunctions that both log and print to stdout.
  • Updated Dutch translation.
  • Really fixed the installer to copy the services this time.
  • Added a fix that should fix installing the autopackage on Suse 8.0 systems.

0.5.68 alpha 6

  • Added indicators to lists with items that don't fit on the screen, so the user know there are more items.
  • Fixed the installing of the services in the config on a new source install.
  • Updated Brazilian Portuguese translation. Thanks Hugo!
  • Added input validation to vuurmuur_script.
  • Combined the three autopackages to one package.

0.5.68 alpha 5

  • Fixed another bug with the rules, also introduced in alpha 3.
  • Disabled the 'old create method' because it is difficult to test and maintain.
  • Added support for binreloc which is needed in preparation of future Autopackage support. It can be enabled in ./configure with --enable-binreloc
  • The readme and install docs are now installed to (datadir)/doc/vuurmuur
  • Added russian translation of the docs. Thank you Alex!

0.5.68 alpha 4

  • Fixed a bug introduced in aplha 3 that caused the rulesfile to become unreadable.

0.5.68 alpha 3

  • The installer should no longer fail to --install when the etcdir already exists.
  • Renamed sepparator to separator.
  • The 'interface up' information should be more reliable.
  • Added a warning to the edit_host screen when no ipaddress is filled in.
  • The device of an interface is now stored as 'DEVICE' instead of as 'INTERFACE'.
  • Changes made to an interface in Vuurmuur_conf are now logged.
  • Renamed Bandwidth to Traffic Volume.
  • Fixed an broken pipe error in the Vuurmuur_conf Status Section on Gentoo systems. Thanks for the report Sebastian.
  • Added some input validation to vuurmuur_script.

0.5.68 alpha 2

  • Plugins are now stored in (libdir)/vuurmuur/plugins, the plugin config in (sysconfdir)/vuurmuur/plugins. Removed the plugindir option.
  • Helpfiles are now stored in (datadir)/vuurmuur/help.
  • If you are using a translation of vuurmuur_conf, the helpfunction will try to open a translated helpfile first.
  • When creating a new service, it is now checked if a service with the same name already exists.
  • Fixed some bogus warnings when creating the hash-table for the connections section.
  • The status section no longer loads the hash, because it wasn't used at all.
  • Fixed portfw/dnat connections looking like incoming connections in the connection viewer.
  • Slight cosmetic fixes to the helpfile.
  • Moved the backupscript from the libvuurmuur to the vuurmuur debian package.

0.5.68 alpha 1

  • Implemented the 'print', 'add', 'delete', 'rename' and 'modify' command in vuurmuur_script.
  • When the rules are stored all " are encoded to \" and decoded when they are loaded.
  • Fixed a bug where a item added to the blocklist from the logviewer was not saved.
  • Added support for rules for acting as a dhcp-server or as a dhcp client.

0.5.67 (2005-06-03)

  • Added support for protocol ipv6-over-ipv4 passthrough (protocol number 41).
  • After changes were made to the services, the backend status is updated.
  • All protocols are now logged in the trafficlog.
  • Fixed a bogus 'internal error' message when trying to add a new group. Reported by Alex. Thanx!
  • The mangle and nat table are now properly cleaned on reloading. Thanx for the report Adi.
  • Changed the screen update function in the logviewer from wrefresh() to update_panels() + doupdate().
  • Added a per-rule options to limit the rules. A burst rate can also be supplied.
  • Vuurmuur_conf now checks if an interface is up every time you enter the 'edit interface' screen. The interface up? is also displayed a little different.
  • A german translation was contributed by Holger Ohmacht. Thank you Holger!
  • Implemented the list command in vuurmuur_script.
  • Some of the services supplied with Vuurmuur had malformed comments, which could cause an 'buffer overflow' error message. Thanx for reporting Adi!
  • Installation should no longer fail if the command 'which' is not installed.
  • The main menu, config menu's and the select boxes in the edit rule screen now all remember the position of the cursor.
  • Added gettext to the build-depends of the vuurmuur_conf debian package.
  • Cut off all lines in the helpfile at 80 chars to aid translators.
  • The Debian packages and the source installer now first backup your current config. Contributed by Adi Kriegisch.
  • Fixed memory leaks in Vuurmuur and Vuurmuur_conf.
  • Vuurmuur no longer detects changes in the rules when there are none.

0.5.66 (2005-05-19)

  • Rules and blocklist files are now created if missing. This should fix bugs introduced in 0.5.65.
  • Trying to add a host or group to the blocklist while no hosts/groups have been defined yet no longer results in a crash.
  • Fixed the installer checking the wrong etc-dir.
  • Added 'F6:interfaces' to the menu in edit network, so it is clear that the interface of a network can be editted using F6.
  • Updated the Russian translation. Thanx Alex!
  • Fixed setting the wrong plugin path when installing the Debian packages.
  • Change priority of permission warnings to info, so they appear in the log, but no longer as annoying popups.
  • Fixed another bug in the installer which cause the rules- and blocklistcovert functions to be called unneeded and with wrong parameters.

0.5.65 (2005-05-18)

  • Added support for transparant proxy's by allowing redirect rules to have a non-firewall destination as well.
  • Merged the libvuurmuur and plugins source trees, and vuurmuur and vuurmuur_log source trees.
  • Improved detection and reporting of problems in the configuration.
  • If opening the backends failed when starting Vuurmuur_conf, the user can now edit the config instead of just exitting.
  • Moved the rules and the blocklist into the pluginstructure.
  • Added a new 'Chain' action, which enables support for chains left alone by Vuurmuur. Only packets with state NEW will be sent there. The chains will be created if they don't exist.
  • Fixed a crash with trying to add a member to a group when there are no hosts in that network. Thanx for the report Heiko!
  • Added an about screen in Vuurmuur_conf.
  • Added 'firewall(any)' which is useful for creating INPUT rules where you need to connect to the external ipaddress of the firewall from your lan.
  • In the rules section you can now add horizontal lines with the L key. Press enter on a line to add a comment to it.
  • Fixed some bugs in the rule parser.
  • Changed the way the topmenu is drawn, so it will be easier to change it.
  • Removed the ESC key in Vuurmuur_conf as a key to quit because there is a delay between pressing it and the action that needs to follow it.
  • Fixed a confusing error message when not all required fields of a rule are filled in. Thanx for the report Edgar.
  • Vuurmuur now creates the logdir if it doesn't exist.
  • Vuurmuur_log now removes it's pidfile when it receives a sigterm. Thanx for the report Holger.
  • The macaddress is now properly checked and saved in Vuurmuur_conf. Thank you for reporting Heiko.
  • Added the ability to show the loglines that don't match the filter string.
  • Added the possibility to filter in the connections screen.
  • Snat rules can now also limit the interface which will be used.
  • Disabled the --test run of iptables-restore, since it did not work correctly on Debian Woody, and iptables-restore works atomicly, so there is no real need for the * test.
  • Added a Brazilian Portuguese translation contributed by Hugo Ribeiro. Thanx Hugo!

0.5.64 (2005-04-19)

  • Vuurmuur_log no longer fails to create a logfile.
  • Really fixed the MASQ action this time.
  • Fix compilation on Mandrake 10.0 and possibly on other distro's with older versions of automake. Thanx for the report Raldnor.
  • Fixed a bug where setting the Mark option caused Vuurmuur to create to many iptables rules.
  • Fixed a bug where a rule with action LOG also had log option set, resulting in double iptables rules.
  • Fixed some bogus warnings when reloading the blocklist.
  • Fixed a crash in the Zones Section of Vuurmuur_conf. Thanks for reporting Hugo and Edgar.
  • Support on the system for the mangle table and the nat table is no longer a requirement.
  • Renamed special service 'all' to 'any'.
  • Added a special zone 'any'.
  • Fixed a bug where adding a network gave an error while it actually succeeded.
  • Fixed two tiny memory leaks in Vuurmuur_conf.
  • Added a Russian translation for Vuurmuur_conf. Thanx for your contribution Aleksander!
  • Changed logrotate script to send a SIGHUP to vuurmuur_log after rotating.
  • Fixed a bug in the install script. Thanx for the report Alex.
  • Fixed a bug where adding a host to the blocklist crashed vuurmuur_conf if the blocklist location was not set.

0.5.63 (2005-04-11)

  • Fixed a bug with a loading a malformed traffic.log in Vuurmuur_conf
  • A portrange can now also be changed.
  • Updated the helpfile for the services.
  • Improved reliability of vuurmuur_log.
  • Fixed two possible crashcases in libvuurmuur. Thanks for the report Raldnor!
  • Improved the checking of the name entered when adding or renaming a host, group, network or zone. Thanks for the report Raldnor!
  • Fixed a bug where a MASQ rule ignored the service, and thus applied to all services.
  • All important modules are now on the MODULES_TO_LOAD line in the vuurmuur initscript.
  • '?' can now also be used to call the help screen.
  • Logging of blocklist violations can now be disabled.
  • UDP-limit and SYN-limit can now be disabled.
  • Files with invalid names in the backend are now silently ignored.
  • Vuurmuur_log no longer misses loglines added to the log while reloading.
  • Speeded up Vuurmuur_log reloading.
  • If applying the changes failed, vuurmuur_conf now prints an error and updates the status to 'warn'.
  • All configuration changes made in Vuurmuur_conf are now logged.
  • Added a nfmark option to the rules. Rules can now be marked for use with traffic shaping tools. Use 0 - 9 999 999 for accept rules, and 20 000 000 - 29 999 997 for QUEUE rules.
  • Because of this, the marks used with markiptstate are also changed: 29 999 998 for new,related, 29 999 999 for established.
  • Vuurmuur_conf now supports internationalisation, and comes with a full Dutch translation. Translators for other languages are welcome!
  • Vuurmuur now has a -t commandline switch that will disable the capability checking. This will asume all iptables features are supported.
  • Using REJECT with tcp-reset together with the protocol 'all' now works correctly, tcp connections will be reset, others result in a icmp-port-unreachable.
  • Fixed portfw rules with the remoteport option set. Thanks for the report Phil!

0.5.62 (2005-03-01)

  • In Vuurmuur_conf in the rules section '+' and '-' can now be use to move a rule down and up.
  • Added an option to copy (duplicate) the current rule in the rulessection.
  • Fixed an obscure bug when forwarding a service with the broadcast option set to a group.
  • If Vuurmuur cannot determine all caps, ip_queue is now still checked.
  • Added a network reference counter to the interfaces. It must be 0 before an interface can be removed.
  • Added -m tcp, -m udp or -m icmp to rules so iptables-restore should now work on Debian Woody.
  • Zones, networks, groups, hosts, interfaces and services can be renamed.
  • Fixed the status section not being displayed on a small screen with too many interfaces.
  • The interfaces section can now handle more interfaces that will fit on the screen.
  • The bandwidth usage can now be viewed in Vuurmuur_conf.
  • Vuurmuur now uses -D for daemon-mode instead of -l (-l can still be used though).
  • Performance of the rulessection when using a filter was much improved.
  • Fixed compilation warnings on Mandrake 10.1.
  • When a ruleset failes to load the tempfile is no longer removed, so it can be inspected.

0.5.61 (2005-02-08)

  • The iptables option --log-tcp-options is now supported, for use with PSAD 1.4.0.
  • Vuurmuur now tries to send a SIGHUP to vuurmuur_log when the interfaces have changed.
  • Groups and Hosts now have a blocklist referencecounter, so adding it more than once will result in a warning. Also you must now remove it first from the blocklist before the host/group can be removed.
  • libvuurmuur's ./configure now takes an option --with-config-dir=DIR which can be used to set the default config dir.
  • Fixed a tiny memory-leak in the capability-checking code.
  • Added support for creating debian packages from the source. This makes building debs for other archs possible.
  • Added support for bandwidth monitoring using IP Traffic Volume:
  • Fixed a bug with virtual devices and the markiptstate option.
  • Vuurmuur-log now also does a reverse check on the service if no service is found by a normal check.
  • A new interface by default now has all protection rules set.
  • Created a wrapper for set_field_buffer() because on Mandrake 10.1 it didn't accept our input.
  • Added '-m tcp' to all rules containing '--tcp-flags' and '--syn' because otherwise iptables-restore didn't work on Debian Woody.
  • If the vuurmuur_conf.conf file is missing, a default is now used.
  • Big updates to the helpfile.

0.5.60 (2005-01-11)

  • The backend no longer acts weird if it encounters a directory where it expected a file.
  • The version of the backendplugin is now passed to Vuurmuur.
  • Fixed loglevel again :-( this time the changed log-level (in ruleset-mode) was not applied.
  • Hosts now have a reference counter for groupmembership. When a host is still a member of a group, it can't be deleted.
  • The option that checks for changed dynamic interfaces now also checks if the interface was just brought up or down.
  • A dynamic ipaddress that is down, is not longer set inactive by Vuurmuur.
  • Increased the default udplimit-burst value to 45.
  • Added several new services.

Older changelogs: 2004

Last modified 13 years ago Last modified on 04/04/09 09:13:31
Note: See TracWiki for help on using the wiki.